This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Azure AD Web Sign-in | CVE-2021-27092 | Azure AD Web Sign-in Security Feature Bypass Vulnerability |
| Azure DevOps | CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability |
| Azure DevOps | CVE-2021-28459 | Azure DevOps Server Spoofing Vulnerability |
| Azure Sphere | CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-21226 | Chromium: CVE-2021-21226 Use after free in navigation |
| Microsoft Edge (Chromium-based) | CVE-2021-21222 | Chromium: CVE-2021-21222 Heap buffer overflow in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-21223 | Chromium: CVE-2021-21223 Integer overflow in Mojo |
| Microsoft Edge (Chromium-based) | CVE-2021-21225 | Chromium: CVE-2021-21225 Out of bounds memory access in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-21224 | Chromium: CVE-2021-21224 Type Confusion in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-21233 | Chromium: CVE-2021-21233 Heap buffer overflow in ANGLE |
| Microsoft Edge (Chromium-based) | CVE-2021-21228 | Chromium: CVE-2021-21228 Insufficient policy enforcement in extensions |
| Microsoft Edge (Chromium-based) | CVE-2021-21227 | Chromium: CVE-2021-21227 Insufficient data validation in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-21232 | Chromium: CVE-2021-21232 Use after free in Dev Tools |
| Microsoft Edge (Chromium-based) | CVE-2021-21195 | Chromium: CVE-2021-21195 Use after free in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-21196 | Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip |
| Microsoft Edge (Chromium-based) | CVE-2021-21219 | Chromium: CVE-2021-21219 Uninitialized Use in PDFium |
| Microsoft Edge (Chromium-based) | CVE-2021-21194 | Chromium: CVE-2021-21194 Use after free in screen capture |
| Microsoft Edge (Chromium-based) | CVE-2021-21197 | Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip |
| Microsoft Edge (Chromium-based) | CVE-2021-21206 | Chromium: CVE-2021-21206 Use after free in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-21220 | Chromium: CVE-2021-21220 Insufficient validation of untrusted input in V8 for x86_64 |
| Microsoft Edge (Chromium-based) | CVE-2021-21198 | Chromium: CVE-2021-21198 Out of bounds read in IPC |
| Microsoft Edge (Chromium-based) | CVE-2021-21199 | Chromium: CVE-2021-21199 Use after free in Aura |
| Microsoft Edge (Chromium-based) | CVE-2021-21229 | Chromium: CVE-2021-21229 Incorrect security UI in downloads |
| Microsoft Edge (Chromium-based) | CVE-2021-21212 | Chromium: CVE-2021-21212 Incorrect security UI in Network Config UI |
| Microsoft Edge (Chromium-based) | CVE-2021-21213 | Chromium: CVE-2021-21213 Use after free in WebMIDI |
| Microsoft Edge (Chromium-based) | CVE-2021-21211 | Chromium: CVE-2021-21211 Inappropriate implementation in Navigation |
| Microsoft Edge (Chromium-based) | CVE-2021-21209 | Chromium: CVE-2021-21209 Inappropriate implementation in storage |
| Microsoft Edge (Chromium-based) | CVE-2021-21210 | Chromium: CVE-2021-21210 Inappropriate implementation in Network |
| Microsoft Edge (Chromium-based) | CVE-2021-21217 | Chromium: CVE-2021-21217 Uninitialized Use in PDFium |
| Microsoft Edge (Chromium-based) | CVE-2021-21218 | Chromium: CVE-2021-21218 Uninitialized Use in PDFium |
| Microsoft Edge (Chromium-based) | CVE-2021-21216 | Chromium: CVE-2021-21216 Inappropriate implementation in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-21214 | Chromium: CVE-2021-21214 Use after free in Network API |
| Microsoft Edge (Chromium-based) | CVE-2021-21215 | Chromium: CVE-2021-21215 Inappropriate implementation in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-21202 | Chromium: CVE-2021-21202 Use after free in extensions |
| Microsoft Edge (Chromium-based) | CVE-2021-21203 | Chromium: CVE-2021-21203 Use after free in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-21201 | Chromium: CVE-2021-21201 Use after free in permissions |
| Microsoft Edge (Chromium-based) | CVE-2021-21230 | Chromium: CVE-2021-21230 Type Confusion in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-21231 | Chromium: CVE-2021-21231 Insufficient data validation in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-21207 | Chromium: CVE-2021-21207 Use after free in IndexedDB |
| Microsoft Edge (Chromium-based) | CVE-2021-21208 | Chromium: CVE-2021-21208 Insufficient data validation in QR scanner |
| Microsoft Edge (Chromium-based) | CVE-2021-21221 | Chromium: CVE-2021-21221 Insufficient validation of untrusted input in Mojo |
| Microsoft Edge (Chromium-based) | CVE-2021-21204 | Chromium: CVE-2021-21204 Use after free in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-21205 | Chromium: CVE-2021-21205 Insufficient policy enforcement in navigation |
| Microsoft Exchange Server | CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2021-28318 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability |
| Microsoft Internet Messaging API | CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability |
| Microsoft NTFS | CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability |
| Microsoft NTFS | CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability |
| Microsoft Office Excel | CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office Outlook | CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability |
| Microsoft Office SharePoint | CVE-2021-28450 | Microsoft SharePoint Denial of Service Update |
| Microsoft Office Word | CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability |
| Microsoft Windows DNS | CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability |
| Microsoft Windows DNS | CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability |
| Microsoft Windows Speech | CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows Speech | CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows Speech | CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| Open Source Software | CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability |
| Role: Hyper-V | CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability |
| Role: Hyper-V | CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability |
| Role: Hyper-V | CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability |
| Role: Hyper-V | CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability |
| Visual Studio | CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability |
| Visual Studio Code | CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code - GitHub Pull Requests and Issues Extension | CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability |
| Visual Studio Code - Kubernetes Tools | CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability |
| Visual Studio Code - Maven for Java Extension | CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability |
| Windows Application Compatibility Cache | CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability |
| Windows AppX Deployment Extensions | CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability |
| Windows Console Driver | CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability |
| Windows Console Driver | CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability |
| Windows Diagnostic Hub | CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
| Windows Early Launch Antimalware Driver | CVE-2021-28447 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability |
| Windows ELAM | CVE-2021-27094 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability |
| Windows Event Tracing | CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-28435 | Windows Event Tracing Information Disclosure Vulnerability |
| Windows Installer | CVE-2021-26413 | Windows Installer Spoofing Vulnerability |
| Windows Installer | CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability |
| Windows Kernel | CVE-2021-27093 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2021-28309 | Windows Kernel Information Disclosure Vulnerability |
| Windows Media Player | CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability |
| Windows Media Player | CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability |
| Windows Network File System | CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability |
| Windows Overlay Filter | CVE-2021-26417 | Windows Overlay Filter Information Disclosure Vulnerability |
| Windows Portmapping | CVE-2021-28446 | Windows Portmapping Information Disclosure Vulnerability |
| Windows Registry | CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Resource Manager | CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
| Windows Secure Kernel Mode | CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| Windows Services and Controller App | CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability |
| Windows SMB Server | CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability |
| Windows SMB Server | CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability |
| Windows TCP/IP | CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability |
| Windows TCP/IP | CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability |
| Windows TCP/IP | CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability |
| Windows Win32K | CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability |
| Windows WLAN Auto Config Service | CVE-2021-28316 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27067 MITRE NVD | CVE Title: Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability. CVSS: CVSS:3.0 6.5/5.7. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Azure DevOps Server pipeline configuration variables and secrets. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-27067
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Azure DevOps Server 2019 Update 1 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| Azure DevOps Server 2019 Update 1.1 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| Azure DevOps Server 2019.0.1 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| Azure DevOps Server 2020 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| Team Foundation Server 2015 Update 4.2 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| Team Foundation Server 2017 Update 3.1 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| Team Foundation Server 2018 Update 1.2 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| Team Foundation Server 2018 Update 3.2 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27067 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27072 MITRE NVD | CVE Title: Win32k Elevation of Privilege Vulnerability. CVSS: CVSS:3.0 7.0/6.1. FAQ: None. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-27072
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Elevation of Privilege | 5000847 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Elevation of Privilege | 5000847 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27072 | pgboy |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27079 MITRE NVD | CVE Title: Windows Media Photo Codec Information Disclosure Vulnerability. CVSS: CVSS:3.0 5.7/5.0. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27079 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27079 | Ivan Fratric of Google Project Zero |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27088 MITRE NVD | CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27088

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27088 | Zhang WangJunJie and He YiSheng of Hillstone Network Neuron Security Team Yuki Chen Jarvis_1oop ziming zhang of Ant Security Light-Year Lab Wen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27089 MITRE NVD | CVE Title: Microsoft Internet Messaging API Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27089

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27089 | lm0963 and hackyzh at Zion Lab of DBAppSecurity |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27090 MITRE NVD | CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27090

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27090 | Saar Amar, Microsoft Security Response Center |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27091 MITRE NVD | CVE Title: RPC Endpoint Mapper Service Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/7.0 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | Yes | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27091

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Elevation of Privilege | 5000847 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Elevation of Privilege | 5000847 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27091 | None |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27092 MITRE NVD | CVE Title: Azure AD Web Sign-in Security Feature Bypass Vulnerability CVSS: CVSS:3.0 6.8/5.9 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Security Feature Bypass |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27092

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27092 | None |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-27093 MITRE NVD | CVE Title: Windows Kernel Information Disclosure Vulnerability CVSS: CVSS:3.0 5.5/4.8 FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-27093

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Information Disclosure | 5000841 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Information Disclosure | 5000841 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Information Disclosure | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Information Disclosure | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Important | Information Disclosure | 5000844 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Important | Information Disclosure | 5000844 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Important | Information Disclosure | 5000844 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Important | Information Disclosure | 5000844 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Information Disclosure | 5000841 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Information Disclosure | 5000841 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Information Disclosure | 5000847 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Information Disclosure | 5000847 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Information Disclosure | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Information Disclosure | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-27093 | Anonymous Finder |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27094 MITRE NVD | CVE Title: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability CVSS: CVSS:3.0 4.4/3.9 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27094 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Security Feature Bypass | 5000807 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Security Feature Bypass | 5000807 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Security Feature Bypass | 5000847 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Security Feature Bypass | 5000847 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-27094 | Maxim Suhanov of BI.ZONE |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27095 MITRE NVD | CVE Title: Windows Media Video Decoder Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: Is user interaction required to exploit this vulnerability? Yes. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27095 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-27095 | yangkang (@dnpushme) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27096 MITRE NVD | CVE Title: NTFS Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27096 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Elevation of Privilege | 5000841 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Elevation of Privilege | 5000841 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Elevation of Privilege | 5000848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Elevation of Privilege | 5000848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Elevation of Privilege | 5000848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Elevation of Privilege | 5000841 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Elevation of Privilege | 5000841 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Elevation of Privilege | 5000847 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Elevation of Privilege | 5000847 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Elevation of Privilege | 5000848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Elevation of Privilege | 5000848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-27096 | 0xea31 |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26413 MITRE NVD | CVE Title: Windows Installer Spoofing Vulnerability<br>CVSS: CVSS:3.0 6.2/5.4<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Spoofing |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26413

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Spoofing | 5000807 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Spoofing | 5000807 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Spoofing | 5000803 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Spoofing | 5000803 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Spoofing | 5000809 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Spoofing | 5000809 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Spoofing | 5000809 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Spoofing | 5000822 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Spoofing | 5000822 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Spoofing | 5000822 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Spoofing | 5000808 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Spoofing | 5000808 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Spoofing | 5000808 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Spoofing | 5000802 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Spoofing | 5000802 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Spoofing | 5000802 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Spoofing | 5000802 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Spoofing | 5000802 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Spoofing | 5000802 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Spoofing | 5000841 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Spoofing | 5000841 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Spoofing | 5000848 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Spoofing | 5000848 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Spoofing | 5000848 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Spoofing | 5000844 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Spoofing | 5000844 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Spoofing | 5000844 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Spoofing | 5000844 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Spoofing | 5000841 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Spoofing | 5000841 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Spoofing | 5000847 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Spoofing | 5000847 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Spoofing | 5000848 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Spoofing | 5000848 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Spoofing | 5000803 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Spoofing | 5000803 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Spoofing | 5000822 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Spoofing | 5000822 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Spoofing | 5000808 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Spoofing | 5000802 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Spoofing | 5000802 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26413 | Ron Waisberg (@epsilan) of Okta<br>Ronald McClelland Jr. (Ronsor Labs) - https://undeleted.ronsor.com |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26415 MITRE NVD | CVE Title: Windows Installer Elevation of Privilege Vulnerability<br>CVSS: CVSS:3.0 7.8/6.8<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26415

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Elevation of Privilege | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Elevation of Privilege | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Elevation of Privilege | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Elevation of Privilege | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Elevation of Privilege | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Elevation of Privilege | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Elevation of Privilege | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26415 | Adrian Denkiewicz of CLOAKED.pl working with Trend Micro's Zero Day Initiative |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26416 MITRE NVD | CVE Title: Windows Hyper-V Denial of Service Vulnerability<br>CVSS: CVSS:3.0 7.7/6.7<br>FAQ: How can an attacker exploit this vulnerability? An attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application. This can cause the host OS to crash by sending a specially crafted request.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Denial of Service |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26416

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-26416 | None |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-26417 MITRE NVD | CVE Title: Windows Overlay Filter Information Disclosure Vulnerability<br>CVSS: CVSS:3.0 5.5/4.8<br>FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-26417

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26417 | k0shl |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28309 MITRE NVD | CVE Title: Windows Kernel Information Disclosure Vulnerability<br>CVSS: CVSS:3.0 5.5/4.8<br>FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28309

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28309 | lm0963 and hackyzh at Zion Lab of DBAppSecurity |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28310 MITRE NVD | CVE Title: Win32k Elevation of Privilege Vulnerability<br>CVSS: CVSS:3.0 7.8/7.2<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Detected | No | Yes |

The following tables list the affected software details for the vulnerability.

CVE-2021-28310

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28310 | Boris Larin (Oct0xor) of Kaspersky Lab |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28311 MITRE NVD | CVE Title: Windows Application Compatibility Cache Denial of Service Vulnerability<br>CVSS: CVSS:3.0 6.5/5.7<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Denial of Service |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28311

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28311 | lm0963 & hackyzh at Zion Lab and YanZiShuang of DBAppSecurity |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28312 MITRE NVD | CVE Title: Windows NTFS Denial of Service Vulnerability<br>CVSS: CVSS:3.0 3.3/3.1<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Moderate | Denial of Service |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | Yes | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28312

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Moderate | Denial of Service | 5000822 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Moderate | Denial of Service | 5000822 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Moderate | Denial of Service | 5000822 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Moderate | Denial of Service | 5000808 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Moderate | Denial of Service | 5000808 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Moderate | Denial of Service | 5000808 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Moderate | Denial of Service | 5000802 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Moderate | Denial of Service | 5000802 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Moderate | Denial of Service | 5000802 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Moderate | Denial of Service | 5000802 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Moderate | Denial of Service | 5000802 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Moderate | Denial of Service | 5000802 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Moderate | Denial of Service | 5000822 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Moderate | Denial of Service | 5000822 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Moderate | Denial of Service | 5000808 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Moderate | Denial of Service | 5000802 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Moderate | Denial of Service | 5000802 | Base: 3.3 Temporal: 3.1 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:F/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28312 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-28313 MITRE NVD |
CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-04-13T07:00:00Z     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28313

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Visual Studio 2015 Update 3 | 5001292 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28313 | Imre Rad |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28314 MITRE NVD | CVE Title: Windows Hyper-V Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28314

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28314 | @rezer0dai |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28315 MITRE NVD | CVE Title: Windows Media Video Decoder Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: Is user interaction required to exploit this vulnerability? Yes. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28315

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28315 | yangkang(@dnpushme) |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28316 MITRE NVD | CVE Title: Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability CVSS: CVSS:3.0 4.2/3.7 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Security Feature Bypass |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28316

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Security Feature Bypass | 5000807 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Security Feature Bypass | 5000807 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Security Feature Bypass | 5000841 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Security Feature Bypass | 5000841 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Security Feature Bypass | 5000848 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Security Feature Bypass | 5000841 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Security Feature Bypass | 5000841 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Security Feature Bypass | 5000847 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Security Feature Bypass | 5000847 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.2 Temporal: 3.7 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28316 | Matthew Johnson of The Missing Link |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28317 MITRE NVD | CVE Title: Microsoft Windows Codecs Library Information Disclosure Vulnerability CVSS: CVSS:3.0 5.5/4.8 FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28317 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28317 | Josh Gunter, Microsoft Platform Security Assurance & Vulnerability Research Zhangjie and willJ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28318 MITRE NVD | CVE Title: Windows GDI+ Information Disclosure Vulnerability CVSS: CVSS:3.0 5.5/4.8 FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28318 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28318 | Zhangjie and willJ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28319 MITRE NVD | CVE Title: Windows TCP/IP Driver Denial of Service Vulnerability CVSS: CVSS:3.0 7.5/6.5 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28319 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28319 | Microsoft Platform Security Assurance & Vulnerability Research |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28320 MITRE NVD | CVE Title: Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28320 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28320 | None |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28321 MITRE NVD | CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability<br>CVSS: CVSS:3.0 7.8/6.8<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28321

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Visual Studio 2015 Update 3 | 5001292 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28321 | Imre Rad |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28322 MITRE NVD | CVE Title: Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability<br>CVSS: CVSS:3.0 7.8/6.8<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28322

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Visual Studio 2015 Update 3 | 5001292 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28322 | Imre Rad |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28323 MITRE NVD | CVE Title: Windows DNS Information Disclosure Vulnerability<br>CVSS: CVSS:3.0 6.5/5.7<br>FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Does this vulnerability affect both DNS Servers and DNS Clients? Yes. This vulnerability affects both DNS client and DNS servers.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28323

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28323 | Quan Luo from Codesafe Team of Legendsec at Qi'anxin Group |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28324 MITRE NVD | CVE Title: Windows SMB Information Disclosure Vulnerability<br>CVSS: CVSS:3.0 7.5/6.5<br>FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28324

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28324 | None |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28325 MITRE NVD | CVE Title: Windows SMB Information Disclosure Vulnerability<br>CVSS: CVSS:3.0 6.5/5.7<br>FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28325

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Information Disclosure | 5000848 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Information Disclosure | 5000848 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Information Disclosure | 5000847 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Information Disclosure | 5000847 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Information Disclosure | 5000848 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Information Disclosure | 5000848 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28325 | None |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28326 MITRE NVD | CVE Title: Windows AppX Deployment Server Denial of Service Vulnerability<br>CVSS: CVSS:3.0 5.5/4.8<br>FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28326

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Denial of Service | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Denial of Service | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28326 | Abdelhamid Naceri (halov) working with Trend Micro's Zero Day Initiative |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28327 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability<br>CVSS: CVSS:3.0 8.8/7.7<br>FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28327

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28327 | None |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28328 MITRE NVD | CVE Title: Windows DNS Information Disclosure Vulnerability<br>CVSS: CVSS:3.0 6.5/5.7<br>FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28328

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28328 | Quan Luo from Codesafe Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-28329 MITRE NVD |
CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-04-13T07:00:00Z     Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28329
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28329 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28330 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28330
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28330 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28331 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28331 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Critical | Remote Code Execution | 5000841 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Critical | Remote Code Execution | 5000841 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Critical | Remote Code Execution | 5000848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Critical | Remote Code Execution | 5000848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Critical | Remote Code Execution | 5000844 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Critical | Remote Code Execution | 5000844 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Critical | Remote Code Execution | 5000844 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28331 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28332 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability<br>CVSS: CVSS:3.0 8.8/7.7<br>FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28332

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28332 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28333 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability<br>CVSS: CVSS:3.0 8.8/7.7<br>FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28333

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28333 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28334 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability<br>CVSS: CVSS:3.0 8.8/7.7<br>FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28334

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28334 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28335 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability CVSS: CVSS:3.0 8.8/7.7 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28335
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28335 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28336 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability CVSS: CVSS:3.0 8.8/7.7 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28336
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28336 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28337 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability CVSS: CVSS:3.0 8.8/7.7 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28337
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28337 | Yuki Chen of Vulcan Team |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28338 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28338

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28338 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28339 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Critical | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28339

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28339 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28340 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28340

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28340 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28341 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28341

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28341 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28342 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28342

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28342 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28343 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28343

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Critical | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Critical | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Critical | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Critical | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Critical | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Critical | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Critical | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Critical | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Critical | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Critical | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28343 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28344 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.

CVE-2021-28344

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |


| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28344 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28345 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28345

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |


| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28345 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28346 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28346

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |


| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28346 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28347 MITRE NVD | CVE Title: Windows Speech Runtime Elevation of Privilege Vulnerability; CVSS: CVSS:3.0 7.8/6.8; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.
| CVE-2021-28347 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28347 | Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) of Sangfor Lights Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28348 MITRE NVD | CVE Title: Windows GDI+ Remote Code Execution Vulnerability; CVSS: CVSS:3.0 7.8/6.8; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28348 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28348 | @expend20 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28349 MITRE NVD | CVE Title: Windows GDI+ Remote Code Execution Vulnerability; CVSS: CVSS:3.0 7.8/6.8; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28349 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28349 | @expend20 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28350 MITRE NVD | CVE Title: Windows GDI+ Remote Code Execution Vulnerability; CVSS: CVSS:3.0 7.8/6.8; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28350 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Important | Remote Code Execution | 5000844 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Remote Code Execution | 5000841 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Remote Code Execution | 5000841 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Remote Code Execution | 5000847 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Remote Code Execution | 5000847 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Remote Code Execution | 5000848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Remote Code Execution | 5000848 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28350 | @expend20 |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28351 MITRE NVD | CVE Title: Windows Speech Runtime Elevation of Privilege Vulnerability; CVSS: CVSS:3.0 7.8/6.8; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28351

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28351 | Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) of Sangfor Lights Lab |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28352 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28352

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28352 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28353 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |

The following tables list the affected software details for the vulnerability.

CVE-2021-28353

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28353 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28354 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28354 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28354 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28355 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28355 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28355 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28356 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability; CVSS: CVSS:3.0 8.8/7.7; FAQ: None; Mitigations: None; Workarounds: None; Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28356 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28356 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28357 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability<br>CVSS: CVSS:3.0 8.8/7.7<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28357
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28357 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28358 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability<br>CVSS: CVSS:3.0 8.8/7.7<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28358
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28358 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28434 MITRE NVD | CVE Title: Remote Procedure Call Runtime Remote Code Execution Vulnerability<br>CVSS: CVSS:3.0 8.8/7.7<br>FAQ: None<br>Mitigations: None<br>Workarounds: None<br>Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28434
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Remote Code Execution | 5000807 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Remote Code Execution | 5000809 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28434 | Yuki Chen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28435 MITRE NVD | CVE Title: Windows Event Tracing Information Disclosure Vulnerability. CVSS: CVSS:3.0 5.5/4.8. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28435

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
| CVE-2021-28435 | Wen |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28436 MITRE NVD | CVE Title: Windows Speech Runtime Elevation of Privilege Vulnerability. CVSS: CVSS:3.0 7.8/6.8. FAQ: None. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Elevation of Privilege |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28436

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
| CVE-2021-28436 | Xuefeng Li (@lxf02942370) & Zhiniang Peng (@edwardzpeng) |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28437 MITRE NVD | CVE Title: Windows Installer Information Disclosure Vulnerability. CVSS: CVSS:3.0 5.5/4.8. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Information Disclosure |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28437

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Information Disclosure | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
| CVE-2021-28437 | Polar Bear at Microsoft |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28438 MITRE NVD | CVE Title: Windows Console Driver Denial of Service Vulnerability. CVSS: CVSS:3.0 5.5/4.8. FAQ: None. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Denial of Service |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28438

| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |

| CVE ID | Acknowledgements |
| CVE-2021-28438 | vbty k0shl shijie xu(@ThunderJ17) |

| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28439 MITRE NVD | CVE Title: Windows TCP/IP Driver Denial of Service Vulnerability. CVSS: CVSS:3.0 7.5/6.5. FAQ: None. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Denial of Service |

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28439
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Denial of Service | 5000807 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Denial of Service | 5000807 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Denial of Service | 5000841 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Denial of Service | 5000841 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Denial of Service | 5000848 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Denial of Service | 5000848 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Denial of Service | 5000848 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Denial of Service | 5000844 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Denial of Service | 5000844 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Denial of Service | 5000844 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Denial of Service | 5000844 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Denial of Service | 5000841 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Denial of Service | 5000841 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Denial of Service | 5000847 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Denial of Service | 5000847 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Denial of Service | 5000848 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Denial of Service | 5000848 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28439 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28440 MITRE NVD | CVE Title: Windows Installer Elevation of Privilege Vulnerability. CVSS: CVSS:3.0 7.0/6.1. FAQ: None. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28440
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Elevation of Privilege | 5000807 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Elevation of Privilege | 5000844 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Elevation of Privilege | 5000844 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Elevation of Privilege | 5000844 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Elevation of Privilege | 5000844 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Elevation of Privilege | 5000841 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Elevation of Privilege | 5000847 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Elevation of Privilege | 5000847 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Elevation of Privilege | 5000848 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Elevation of Privilege | 5000803 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28440 | Christopher Vella, Microsoft Platform Security Assurance & Vulnerability Research |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28441 MITRE NVD | CVE Title: Windows Hyper-V Information Disclosure Vulnerability. CVSS: CVSS:3.0 6.5/5.7. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Guest VM to Hyper-V host server - virtualization security boundary. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28441
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28441 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28442 MITRE NVD | CVE Title: Windows TCP/IP Information Disclosure Vulnerability. CVSS: CVSS:3.0 6.5/5.7. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28442
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Information Disclosure | 5000809 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-28442 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28443 MITRE NVD | CVE Title: Windows Console Driver Denial of Service Vulnerability. CVSS: CVSS:3.0 5.5/4.8. FAQ: None. Mitigations: None. Workarounds: None. Revision: 1.0, 2021-04-13T07:00:00Z, Information published. | Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-28443
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Denial of Service | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Denial of Service | 5000807 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Denial of Service | 5000803 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Denial of Service | 5000809 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Denial of Service | 5000822 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Denial of Service | 5000808 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Denial of Service | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Denial of Service | 5000841 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Denial of Service | 5000841 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Denial of Service | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Denial of Service | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Denial of Service | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Important | Denial of Service | 5000844 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Important | Denial of Service | 5000844 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Important | Denial of Service | 5000844 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) |
Important | Denial of Service | 5000844 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Denial of Service | 5000841 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) |
Important | Denial of Service | 5000841 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Denial of Service | 5000847 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) |
Important | Denial of Service | 5000847 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Denial of Service | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) |
Important | Denial of Service | 5000848 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Denial of Service | 5000803 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Denial of Service | 5000803 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Denial of Service | 5000822 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Denial of Service | 5000822 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Denial of Service | 5000808 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Denial of Service | 5000802 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28443 | nghiadt12 (@nghiadt1098) from Viettel Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28444 MITRE NVD | CVE Title: Windows Hyper-V Security Feature Bypass Vulnerability. CVSS: CVSS:3.0 5.7/5.0. FAQ: What configurations or versions could be at risk from this vulnerability? This bypass could affect any Hyper-V configurations that are using Router Guard. What is the exposure if the vulnerability was bypassed? Certain packets that would normally be blocked or dropped could be processed. This could allow an attacker to bypass set policy, potentially influencing router paths. Mitigations: None. Workarounds: None. Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28444 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Security Feature Bypass | 5000807 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28444 | Etienne Champetier (@champtar) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28445 MITRE NVD | CVE Title: Windows Network File System Remote Code Execution Vulnerability. CVSS: CVSS:3.0 8.1/7.1. FAQ: None. Mitigations: None. Workarounds: None. Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28445 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Remote Code Execution | 5000848 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Remote Code Execution | 5000844 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Remote Code Execution | 5000841 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Remote Code Execution | 5000847 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Remote Code Execution | 5000848 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Remote Code Execution | 5000803 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Remote Code Execution | 5000822 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Remote Code Execution | 5000808 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Remote Code Execution | 5000802 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28445 | Liubenjin from Codesafe Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28446 MITRE NVD | CVE Title: Windows Portmapping Information Disclosure Vulnerability. CVSS: CVSS:3.0 7.1/6.2. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None. Workarounds: None. Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28446 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Information Disclosure | 5000848 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5001389 (Monthly Rollup) 5001332 (Security Only) | Important | Information Disclosure | 5000844 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5001335 (Monthly Rollup) 5001392 (Security Only) | Important | Information Disclosure | 5000841 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Information Disclosure | 5000847 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Information Disclosure | 5000848 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Information Disclosure | 5000803 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Information Disclosure | 5000822 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Information Disclosure | 5000808 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Information Disclosure | 5000802 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28446 | vbty |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28447 MITRE NVD | CVE Title: Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability CVSS: CVSS:3.0 4.4/3.9 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28447 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows 10 for 32-bit Systems | 5001340 (Security Update) | Important | Security Feature Bypass | 5000807 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 for x64-based Systems | 5001340 (Security Update) | Important | Security Feature Bypass | 5000807 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1607 for x64-based Systems | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Security Feature Bypass | 5000809 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for 32-bit systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows 8.1 for x64-based systems | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows RT 8.1 | 5001382 (Monthly Rollup) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Security Feature Bypass | 5000847 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 (Server Core installation) | 5001387 (Monthly Rollup) 5001383 (Security Only) | Important | Security Feature Bypass | 5000847 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2012 R2 (Server Core installation) | 5001382 (Monthly Rollup) 5001393 (Security Only) | Important | Security Feature Bypass | 5000848 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2016 (Server Core installation) | 5001347 (Security Update) | Important | Security Feature Bypass | 5000803 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Security Feature Bypass | 5000822 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Security Feature Bypass | 5000808 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Security Feature Bypass | 5000802 | Base: 4.4 Temporal: 3.9 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28447 | Maxim Suhanov, BI.ZONE https://dfir.ru/ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28448 MITRE NVD | CVE Title: Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. 1.0 2021-04-15T07:00:00Z Added acknowledgements. This is an informational change only. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28448 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Visual Studio Code - Kubernetes Tools | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28448 | David Dworken Ash Fox, Google Security Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28449 MITRE NVD | CVE Title: Microsoft Office Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/7.0 FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Why am I receiving notifications during file load? Some Office files, templates, or add-ins (even ones originally obtained from Microsoft) may display a notification message. Macros, or add-ins, in those files have been disabled. Please see Side effects after you apply April 2021 security updates for Office for more information. I'm running Office 2010 or Office 2013. Why are my add-ins such as Solver and Analysis ToolPak appearing in a different language after installing this update? This behavior is expected after installing these updates. Please see Side effects after you apply April 2021 security updates for Office to learn the steps in order to display the desired language. I'm running Office 2007. How do I protect myself? Microsoft Office 2007 reached end of support on October 10, 2017. To stay supported, you will need to upgrade to a supported version of Office. If upgrading is not feasible, applying the following mitigations can help protect your system; however, they will disable multiple features in Microsoft Office. To mitigate the vulnerability, all of the following modifications must be made: Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. 1.1 2021-04-27T07:00:00Z Updated acknowledgment. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28449 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 3017810 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 3017810 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4504735 (Security Update) | Important | Remote Code Execution | 4493239 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4504735 (Security Update) | Important | Remote Code Execution | 4493239 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4504735 (Security Update) | Important | Remote Code Execution | 4493239 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4504721 (Security Update) | Important | Remote Code Execution | 4493233 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4504721 (Security Update) | Important | Remote Code Execution | 4493233 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 2553491 (Security Update) 2589361 (Security Update) 4504738 (Security Update) | Important | Remote Code Execution | 4504703 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 2553491 (Security Update) 2589361 (Security Update) 4504738 (Security Update) | Important | Remote Code Execution | 4504703 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4504726 (Security Update) | Important | Remote Code Execution | 4493228 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4504726 (Security Update) 3178643 (Security Update) 3178639 (Security Update) | Important | Remote Code Execution | 4493228 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4504726 (Security Update) 3178643 (Security Update) 3178639 (Security Update) | Important | Remote Code Execution | 4493228 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (32-bit edition) | 4504722 (Security Update) | Important | Remote Code Execution | 4493225 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (64-bit edition) | 4504722 (Security Update) | Important | Remote Code Execution | 4493225 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | No |
| CVE ID | Acknowledgements |
| CVE-2021-28449 | Nathan Shomber of Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28450 MITRE NVD | CVE Title: Microsoft SharePoint Denial of Service Update CVSS: CVSS:3.0 5.0/4.4 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28450 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4493170 (Security Update) | Important | Denial of Service | 4486723 | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4504719 (Security Update) | Important | Denial of Service | 4493232 | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Foundation 2010 Service Pack 2 | 4504709 (Security Update) | Important | Denial of Service | 4493223 | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Server 2019 | 4504716 (Security Update) | Important | Denial of Service | 4493230 | Base: 5.0 Temporal: 4.4 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28450 | Yuhao Weng (@cjm00nw) of Sangfor & Steven Seeley (@ϻг_ϻε) & Zhiniang Peng (@edwardzpeng) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28451 MITRE NVD | CVE Title: Microsoft Excel Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28451 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Excel 2013 RT Service Pack 1 | 4504735 (Security Update) | Important | Remote Code Execution | 4493239 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4504735 (Security Update) | Important | Remote Code Execution | 4493239 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4504735 (Security Update) | Important | Remote Code Execution | 4493239 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4504721 (Security Update) | Important | Remote Code Execution | 4493233 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4504721 (Security Update) | Important | Remote Code Execution | 4493233 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office Online Server | 4504714 (Security Update) | Important | Remote Code Execution | 4493229 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 4504729 (Security Update) | Important | Remote Code Execution | 4493234 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28451 | kdot |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28452 MITRE NVD | CVE Title: Microsoft Outlook Memory Corruption Vulnerability CVSS: CVSS:3.0 7.1/6.2 FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28452 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | No |
| Microsoft Outlook 2010 Service Pack 2 (32-bit editions) | 4493185 (Security Update) | Important | Remote Code Execution | 4486742 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Maybe |
| Microsoft Outlook 2010 Service Pack 2 (64-bit editions) | 4493185 (Security Update) | Important | Remote Code Execution | 4486742 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Maybe |
| Microsoft Outlook 2013 RT Service Pack 1 | 4493185 (Security Update) | Important | Remote Code Execution | 4486742 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Maybe |
| Microsoft Outlook 2013 Service Pack 1 (32-bit editions) | 4504733 (Security Update) | Important | Remote Code Execution | 4486732 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Maybe |
| Microsoft Outlook 2013 Service Pack 1 (64-bit editions) | 4504733 (Security Update) | Important | Remote Code Execution | 4486732 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Maybe |
| Microsoft Outlook 2016 (32-bit edition) | 4504712 (Security Update) | Important | Remote Code Execution | 4486748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Maybe |
| Microsoft Outlook 2016 (64-bit edition) | 4504712 (Security Update) | Important | Remote Code Execution | 4486748 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28452 | hackyzh and lm0963 of DBAppSecurity Zion Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
|---|---|---|---|
| CVE-2021-28453 MITRE NVD | CVE Title: Microsoft Word Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. 1.1 2021-04-19T07:00:00Z Added acknowledgements. This is an informational change only. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28453 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4493215 (Security Update) | Important | Remote Code Execution | 4493142 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4493215 (Security Update) | Important | Remote Code Execution | 4493142 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | No |
| Microsoft Office Online Server | 4504714 (Security Update) | Important | Remote Code Execution | 4493229 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office Web Apps 2010 Service Pack 2 | 4504705 (Security Update) | Important | Remote Code Execution | 4493183 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 4504729 (Security Update) | Important | Remote Code Execution | 4493234 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4493201 (Security Update) | Important | Remote Code Execution | 4486683 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 4504719 (Security Update) 4504723 (Security Update) | Important | Remote Code Execution | 4493232 4493199 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Server 2010 Service Pack 2 | 4504701 (Security Update) | Important | Remote Code Execution | 4493178 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft SharePoint Server 2019 | 4504716 (Security Update) 4504715 (Security Update) | Important | Remote Code Execution | 4493230 4493231 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Word 2010 Service Pack 2 (32-bit editions) | 4493218 (Security Update) | Important | Remote Code Execution | 4493145 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Word 2010 Service Pack 2 (64-bit editions) | 4493218 (Security Update) | Important | Remote Code Execution | 4493145 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Word 2013 RT Service Pack 1 | 4493208 (Security Update) | Important | Remote Code Execution | 4486764 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Word 2013 Service Pack 1 (32-bit editions) | 4493208 (Security Update) | Important | Remote Code Execution | 4486764 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Word 2013 Service Pack 1 (64-bit editions) | 4493208 (Security Update) | Important | Remote Code Execution | 4486764 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Word 2016 (32-bit edition) | 4493198 (Security Update) | Important | Remote Code Execution | 4493156 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| Microsoft Word 2016 (64-bit edition) | 4493198 (Security Update) | Important | Remote Code Execution | 4493156 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28453 | kdot working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28454 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/7.0
FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
Mitigations: None
Workarounds: None
Revision:
1.0 2021-04-13T07:00:00Z Information published.
1.1 2021-04-15T07:00:00Z Added acknowledgements. This is an informational change only. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28454 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 3017810 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 3017810 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4504735 (Security Update) | Important | Remote Code Execution | 4493239 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4504735 (Security Update) | Important | Remote Code Execution | 4493239 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4504735 (Security Update) | Important | Remote Code Execution | 4493239 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4504721 (Security Update) | Important | Remote Code Execution | 4493233 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4504721 (Security Update) | Important | Remote Code Execution | 4493233 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2010 Service Pack 2 (32-bit editions) | 4504739 (Security Update) | Important | Remote Code Execution | 4493214 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2010 Service Pack 2 (64-bit editions) | 4504739 (Security Update) | Important | Remote Code Execution | 4493214 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 4504727 (Security Update) | Important | Remote Code Execution | 4493203 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4504727 (Security Update) | Important | Remote Code Execution | 4493203 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4504727 (Security Update) | Important | Remote Code Execution | 4493203 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (32-bit edition) | 4504724 (Security Update) | Important | Remote Code Execution | 4493200 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2016 (64-bit edition) | 4504724 (Security Update) | Important | Remote Code Execution | 4493200 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | No |
| Microsoft Office Online Server | 4504714 (Security Update) | Important | Remote Code Execution | 4493229 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 4504729 (Security Update) | Important | Remote Code Execution | 4493234 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28454 | AIOFuzzer working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28456 MITRE NVD |
CVE Title: Microsoft Excel Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/5.0
FAQ:
Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.
What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.
According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Excel.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28456 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | No |
| Microsoft Excel 2010 Service Pack 2 (32-bit editions) | 3017810 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2010 Service Pack 2 (64-bit editions) | 3017810 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 RT Service Pack 1 | 4504735 (Security Update) | Important | Information Disclosure | 4493239 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 4504735 (Security Update) | Important | Information Disclosure | 4493239 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 4504735 (Security Update) | Important | Information Disclosure | 4493239 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2016 (32-bit edition) | 4504721 (Security Update) | Important | Information Disclosure | 4493233 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| Microsoft Excel 2016 (64-bit edition) | 4504721 (Security Update) | Important | Information Disclosure | 4493233 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | No |
| Microsoft Office Online Server | 4504714 (Security Update) | Important | Information Disclosure | 4493229 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 4504729 (Security Update) | Important | Information Disclosure | 4493234 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28456 | Zhangjie and willJ from cdsrc |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28457 MITRE NVD |
CVE Title: Visual Studio Code Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28457 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28457 | RyotaK (@ryotkak) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28458 MITRE NVD |
CVE Title: Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/7.0
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28458 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| @azure/ms-rest-nodeauth | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28458 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28459 MITRE NVD |
CVE Title: Azure DevOps Server Spoofing Vulnerability
CVSS: CVSS:3.0 6.1/5.3
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28459 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure DevOps Server 2020.0.1 | Release Notes (Security Update) | Important | Spoofing | None | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28459 | Li of SEC Consult Deutschland Unternehmensberatung GmbH |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28460 MITRE NVD |
CVE Title: Azure Sphere Unsigned Code Execution Vulnerability
CVSS: CVSS:3.0 8.1/7.3
FAQ:
What version of Azure Sphere has the update that protects from this vulnerability? All versions of Azure Sphere that are 21.03 and higher are protected from this vulnerability.
How do I ensure my Azure Sphere device has the update? If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.03 has been installed using the Azure Sphere CLI command:
If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command:
Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability? An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability.
More information on Azure Sphere’s CVE principles can be found on https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28460 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Azure Sphere | | Critical | Remote Code Execution | None | Base: 8.1 Temporal: 7.3 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-28460 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28469 MITRE NVD |
CVE Title: Visual Studio Code Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28469 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28469 | RyotaK |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28470 MITRE NVD |
CVE Title: Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28470 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code - GitHub Pull Requests and Issues Extension | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28470 | RyotaK |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28471 MITRE NVD |
CVE Title: Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28471 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28471 | RyotaK (@ryotkak) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28472 MITRE NVD |
CVE Title: Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28472 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code - Maven for Java Extension | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28472 | Kc Udonsi (@glitchnsec) of Trend Micro |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28475 MITRE NVD |
CVE Title: Visual Studio Code Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28475 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28475 | RyotaK (@ryotkak) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28477 MITRE NVD |
CVE Title: Visual Studio Code Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.0/6.1
FAQ: None
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28477 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28477 | RyotaK |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28480 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.8/8.5
FAQ:
Where can I find more information about protecting myself from this vulnerability? Please see the MSRC Blog Post April 2021 Update Tuesday packages now available for more information.
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28480 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28480 | National Security Agency Microsoft Security Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28481 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.8/8.5
FAQ:
Where can I find more information about protecting myself from this vulnerability? Please see the MSRC Blog Post April 2021 Update Tuesday packages now available for more information.
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28481 |
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28481 | National Security Agency Microsoft Security Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28482 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ:
Where can I find more information about protecting myself from this vulnerability? Please see the MSRC Blog Post April 2021 Update Tuesday packages now available for more information.
Mitigations: None
Workarounds: None
Revision: 1.0 2021-04-13T07:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28482 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28482 | National Security Agency |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28483 MITRE NVD | CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability CVSS: CVSS:3.0 9.0/7.8 FAQ: Where can I find more information about protecting myself from this vulnerability? Please see the MSRC Blog Post April 2021 Update Tuesday packages now available for more information. Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28483 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5001779 (Security Update) | Critical | Remote Code Execution | | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-28483 | National Security Agency |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27064 MITRE NVD | CVE Title: Visual Studio Installer Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/7.0 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27064 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-27064 | Lockheed Martin Red Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-27086 MITRE NVD | CVE Title: Windows Services and Controller App Elevation of Privilege Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-27086 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1803 for 32-bit Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for ARM64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1803 for x64-based Systems | 5001339 (Security Update) | Important | Elevation of Privilege | 5000809 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1809 for x64-based Systems | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 1909 for x64-based Systems | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 2004 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server 2019 (Server Core installation) | 5001342 (Security Update) | Important | Elevation of Privilege | 5000822 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 1909 (Server Core installation) | 5001337 (Security Update) | Important | Elevation of Privilege | 5000808 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 2004 (Server Core installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5001330 (Security Update) | Important | Elevation of Privilege | 5000802 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Yes |
| CVE ID | Acknowledgements |
| CVE-2021-27086 | James Forshaw of Google Project Zero |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28464 MITRE NVD | CVE Title: VP9 Video Extensions Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? App package versions 1.0.40631.0 and later contain this update. You can check the package version in PowerShell: Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28464 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| VP9 Video Extensions | | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-28464 | Le Huu Quang Linh (@linhlhq) from Vietnam National Cyber Security Center (NCSC Vietnam) jackery |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28466 MITRE NVD | CVE Title: Raw Image Extension Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: Is Windows vulnerable in the default configuration? No. Only customers who have installed this app from the Microsoft Store may be vulnerable. How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? App package versions 1.0.40392.0 and later contain this update. You can check the package version in PowerShell: Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28466 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Raw Image Extension | | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-28466 | Wenguang Jiao Zhihua Yao, lm0963 and CSZQ of DBAPPSecurity Zion Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28468 MITRE NVD | CVE Title: Raw Image Extension Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: Is Windows vulnerable in the default configuration? No. Only customers who have installed this app from the Microsoft Store may be vulnerable. How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? App package versions 1.0.40392.0 and later contain this update. You can check the package version in PowerShell: Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28468 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Raw Image Extension | | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-28468 | Wenguang Jiao working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-28473 MITRE NVD | CVE Title: Visual Studio Code Remote Code Execution Vulnerability CVSS: CVSS:3.0 7.8/6.8 FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-04-13T07:00:00Z Information published. | Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-28473 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C | Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-28473 | RyotaK (@ryotkak) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21194 MITRE NVD | CVE Title: Chromium: CVE-2021-21194 Use after free in screen capture CVSS: None FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None Workarounds: None Revision: 1.0 2021-04-01T07:00:00Z Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21194 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21194 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21195 MITRE NVD | CVE Title: Chromium: CVE-2021-21195 Use after free in V8 CVSS: None FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None Workarounds: None Revision: 1.0 2021-04-01T07:00:00Z Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21195 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21195 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21196 MITRE NVD | CVE Title: Chromium: CVE-2021-21196 Heap buffer overflow in TabStrip CVSS: None FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None Workarounds: None Revision: 1.0 2021-04-01T07:00:00Z Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21196 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21196 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21197 MITRE NVD | CVE Title: Chromium: CVE-2021-21197 Heap buffer overflow in TabStrip CVSS: None FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None Workarounds: None Revision: 1.0 2021-04-01T07:00:00Z Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21197 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21197 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21198 MITRE NVD | CVE Title: Chromium: CVE-2021-21198 Out of bounds read in IPC CVSS: None FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None Workarounds: None Revision: 1.0 2021-04-01T07:00:00Z Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21198 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21198 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21199 MITRE NVD | CVE Title: Chromium: CVE-2021-21199 Use after free in Aura CVSS: None FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None Workarounds: None Revision: 1.0 2021-04-01T07:00:00Z Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21199 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21199 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21206 MITRE NVD | CVE Title: Chromium: CVE-2021-21206 Use after free in Blink CVSS: None FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None Workarounds: None Revision: 1.0 2021-04-14T07:00:00Z Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21206 |
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21206 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-21220 MITRE NVD | CVE Title: Chromium: CVE-2021-21220 Insufficient validation of untrusted input in V8 for x86_64 CVSS: None FAQ: What is the version information for this release? Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser? Mitigations: None Workarounds: None Revision: 1.0 2021-04-14T07:00:00Z Information published. | Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21220 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21220 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21222 MITRE NVD |
CVE Title: Chromium: CVE-2021-21222 Heap buffer overflow in V8
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-22T20:16:13Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21222 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21222 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21223 MITRE NVD |
CVE Title: Chromium: CVE-2021-21223 Integer overflow in Mojo
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-22T20:16:15Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21223 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21223 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21225 MITRE NVD |
CVE Title: Chromium: CVE-2021-21225 Out of bounds memory access in V8
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-22T20:16:15Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21225 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21225 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21226 MITRE NVD |
CVE Title: Chromium: CVE-2021-21226 Use after free in navigation
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-22T20:16:16Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21226 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21226 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21224 MITRE NVD |
CVE Title: Chromium: CVE-2021-21224 Type Confusion in V8
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-22T20:16:16Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21224 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21224 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21227 MITRE NVD |
CVE Title: Chromium: CVE-2021-21227 Insufficient data validation in V8
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-29T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21227 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21227 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21232 MITRE NVD |
CVE Title: Chromium: CVE-2021-21232 Use after free in Dev Tools
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-29T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21232 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21232 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21233 MITRE NVD |
CVE Title: Chromium: CVE-2021-21233 Heap buffer overflow in ANGLE
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-29T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21233 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21233 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21228 MITRE NVD |
CVE Title: Chromium: CVE-2021-21228 Insufficient policy enforcement in extensions
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-29T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21228 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21228 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21229 MITRE NVD |
CVE Title: Chromium: CVE-2021-21229 Incorrect security UI in downloads
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-29T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21229 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21229 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21230 MITRE NVD |
CVE Title: Chromium: CVE-2021-21230 Type Confusion in V8
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-29T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21230 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21230 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21231 MITRE NVD |
CVE Title: Chromium: CVE-2021-21231 Insufficient data validation in V8
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-29T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21231 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21231 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21201 MITRE NVD |
CVE Title: Chromium: CVE-2021-21201 Use after free in permissions
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-15T18:40:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21201 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21201 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21202 MITRE NVD |
CVE Title: Chromium: CVE-2021-21202 Use after free in extensions
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-15T18:40:01Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21202 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21202 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21203 MITRE NVD |
CVE Title: Chromium: CVE-2021-21203 Use after free in Blink
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-15T18:40:02Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21203 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21203 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21204 MITRE NVD |
CVE Title: Chromium: CVE-2021-21204 Use after free in Blink
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-15T18:40:02Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21204 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21204 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21205 MITRE NVD |
CVE Title: Chromium: CVE-2021-21205 Insufficient policy enforcement in navigation
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-15T18:40:03Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21205 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21205 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21221 MITRE NVD |
CVE Title: Chromium: CVE-2021-21221 Insufficient validation of untrusted input in Mojo
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-15T18:40:03Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21221 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21221 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2021-21207 MITRE NVD |
CVE Title: Chromium: CVE-2021-21207 Use after free in IndexedDB
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-04-15T18:40:04Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-21207 | ||||||
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |
| CVE ID | Acknowledgements |
| CVE-2021-21207 | None |
CVE ID: CVE-2021-21208 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21208 Insufficient data validation in QR scanner

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:04Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21208
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21208 | None |
CVE ID: CVE-2021-21209 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21209 Inappropriate implementation in storage

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:05Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21209
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21209 | None |
CVE ID: CVE-2021-21210 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21210 Inappropriate implementation in Network

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:05Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21210
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21210 | None |
CVE ID: CVE-2021-21211 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21211 Inappropriate implementation in Navigation

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:06Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21211
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21211 | None |
CVE ID: CVE-2021-21212 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21212 Incorrect security UI in Network Config UI

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:06Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21212
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21212 | None |
CVE ID: CVE-2021-21213 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21213 Use after free in WebMIDI

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:06Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21213
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21213 | None |
CVE ID: CVE-2021-21214 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21214 Use after free in Network API

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:07Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21214
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21214 | None |
CVE ID: CVE-2021-21215 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21215 Inappropriate implementation in Autofill

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:07Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21215
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21215 | None |
CVE ID: CVE-2021-21216 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21216 Inappropriate implementation in Autofill

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:08Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21216
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21216 | None |
CVE ID: CVE-2021-21217 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21217 Uninitialized Use in PDFium

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:08Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21217
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21217 | None |
CVE ID: CVE-2021-21218 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21218 Uninitialized Use in PDFium

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:09Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21218
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21218 | None |
CVE ID: CVE-2021-21219 MITRE NVD

Maximum Severity Rating: Unknown

Vulnerability Impact: Unknown

Vulnerability Description:

CVE Title: Chromium: CVE-2021-21219 Uninitialized Use in PDFium

CVSS: None

FAQ:

What is the version information for this release?

Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

Mitigations: None

Workarounds: None

Revision: 1.0 2021-04-15T18:40:09Z Information published.
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
|---|---|---|
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-21219
| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Microsoft Edge (Chromium-based) | | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A | Unknown |

| CVE ID | Acknowledgements |
|---|---|
| CVE-2021-21219 | None |